Fiddler Usage With Secured Database
When you want to use fiddler with secure database you need to configure fiddler that it could response and do requests as you.
Respond to Requests Requiring a Client Certificate
First you need to create .CER file:
Open Manege User certificates
Right-click the certificate in Personal Certificates Store.
Click All Tasks > Export
Then you need to specify the .CER file for Fiddler to return for a given session.
You have two options to do so:
- Add a FiddlerScript to OnBeforeRequest function:
oSession["https-Client-Certificate"] = "C:\\test\\someCert.cer";
- Place your .CER file in '%USERPROFILE%\My Documents\Fiddler2\ClientCertificate.cer' ( the name must be ClientCertificate.cer)
If you do this your client certificate is exposed through fiddler
Accepting response by the client
Option 1: Configure Windows Client to trust Fiddler Root Certificate
Click Tools > Fiddler Options > HTTPS.
Click the Decrypt HTTPS Traffic box.
Trust the Fiddler Root certificate?, click Yes.
Do you want to install this certificate?, click Yes.
If you do this windows will automatically trust any certificate issued by this CA. This is a security risk!
Option 2: Client will ignore certificate validation
In the application you should set:
Raven.Client.Http.RequestExecutor.RemoteCertificateValidationCallback += (sender, cert, chain, errors) => true;
If you do this and forget to remove it from your code, your client will accept any response!